Report - pkg-store.dl.mail.ru/packages/shop/0_2018054distrib9/RTM-64Bit/Roof%20Up%20Next%20Buildings.exe

Report Overview

Visited public
2023-12-10 10:35:43
Tags
URL
pkg-store.dl.mail.ru/packages/shop/0_2018054distrib9/RTM-64Bit/Roof%20Up%20Next%20Buildings.exe
Finishing URL
about:privatebrowsing
IP / ASN
188.93.63.73
#47764 Mail.Ru LLC
Title
about:privatebrowsing

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
aus5.mozilla.org	2548	1998-01-24	2015-10-27 08:06:24	2023-12-09 05:09:35	523 B	6.5 kB	35.244.181.201
ciscobinary.openh264.org	40822	2013-10-19	2014-10-07 07:43:56	2023-12-09 05:09:36	305 B	512 kB	62.115.252.115
pkg-store.dl.mail.ru	unknown	1997-09-27	2020-05-26 22:50:12	2023-12-09 05:10:08	561 B	654 kB	188.93.63.73

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

Scan Date	Severity	Indicator	Alert
2023-12-10	medium	pkg-store.dl.mail.ru/packages/shop/0_2018054distrib9/RTM-64Bit/Roof%20Up%20Next%20Buildings.exe	files - file ~tmp01925d3f.exe

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
pkg-store.dl.mail.ru/packages/shop/0_2018054distrib9/RTM-64Bit/Roof%20Up%20Next%20Buildings.exe
IP
188.93.63.73
ASN
#47764 Mail.Ru LLC

File type
PE32+ executable (GUI) x86-64, for MS Windows - data
Size
654 kB (653824 bytes)
Hash
a8df255600fc21817bf71191bb98092b
d60647a31f345633f56edb881e2af69ded2149e0
0bd27f64eeb473c42bf6f1a035c6ebb9641ee5a31bf3c0c9ec8937def2a0068e

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

URL
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP
62.115.252.115
ASN
#1299 Telia Company AB

File type
Zip archive data, at least v2.0 to extract, compression method=deflate - data
Size
512 kB (511815 bytes)
Hash
152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

Archive (2)

Modified	Filename	Size	Md5	File type
2019-03-02 16:47	gmpopenh264.info	116 B	3d33cdc0b3d281e67dd52e14435dd04f	ASCII text
2019-03-02 16:47	libgmpopenh264.so	1.4 MB	b2c1253e8a09cfe03b3d7f37de12dff7	ELF 64-bit LSB shared object, x86-64, version 1 (SYSV)

JavaScript (0)

HTTP Transactions (3)

URL IP Response Size

pkg-store.dl.mail.ru/packages/shop/0_2018054distrib9/RTM-64Bit/Roof%20Up%20Next%20Buildings.exe

188.93.63.73

200 OK

654 kB

URL User Request GET HTTP/2
pkg-store.dl.mail.ru/packages/shop/0_2018054distrib9/RTM-64Bit/Roof%20Up%20Next%20Buildings.exe
IP
188.93.63.73:443
ASN
#47764 Mail.Ru LLC

Certificate
IssuerGlobalSign nv-sa
Subject*.dl.mail.ru
Fingerprint4B:CA:BA:E3:5F:84:FA:DB:F7:FB:4F:1A:3D:30:CD:A7:15:EC:17:CC
ValidityThu, 14 Sep 2023 11:20:00 GMT - Tue, 15 Oct 2024 11:19:59 GMT

File type
PE32+ executable (GUI) x86-64, for MS Windows - data
Size
654 kB (653824 bytes)
Hash
a8df255600fc21817bf71191bb98092b
d60647a31f345633f56edb881e2af69ded2149e0
0bd27f64eeb473c42bf6f1a035c6ebb9641ee5a31bf3c0c9ec8937def2a0068e

Detections

Analyzer	Verdict	Alert
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe

HTTP Headers

GET /packages/shop/0_2018054distrib9/RTM-64Bit/Roof%20Up%20Next%20Buildings.exe HTTP/1.1
Host: pkg-store.dl.mail.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 10 Dec 2023 10:35:19 GMT
content-type: application/octet-stream
content-length: 653824
last-modified: Fri, 07 Jul 2023 13:15:08 GMT
etag: "64a80fdc-9fa00"
accept-ranges: bytes
X-Firefox-Spdy: h2

aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml

35.244.181.201

5.8 kB

URL
aus5.mozilla.org/update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml
IP
35.244.181.201:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max speed, from Unix - data
Size
5.8 kB (5759 bytes)
Hash
26f74a51f3a41ab81bb1600c4dff77f8
94f623e1202d4fe4243e01b574201944e21ac815
68c20496e6e0670329c0a07f07d26fa6c870903c3c5f0f5082d8f6a09373be62

HTTP Headers

GET /update/3/GMP/111.0a1/20230218104546/Linux_x86_64-gcc3/null/default/Linux%205.15.0-76-generic%20(GTK%203.24.34%2Clibpulse%20not-available)/default/default/update.xml HTTP/1.1
Host: aus5.mozilla.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 10 Dec 2023 10:35:38 GMT
content-type: text/xml; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=90
rule-id: unknown
rule-data-version: unknown
content-signature: x5u=https://content-signature-2.cdn.mozilla.net/chains/aus.content-signature.mozilla.org-2024-01-19-16-42-22.chain; p384ecdsa=4vujcZdM-vvo5iHgHEcKmCCzqZBaAcJCbyNXK0bhLV4j7oYKY1hEWnsLMoWgqg1-aabcezlWdo5QZcHSX18X6GNaV7224e2cSD0TRxvyNHZFOPBfTCmVCdjakgFT3Inq
strict-transport-security: max-age=31536000;
x-content-type-options: nosniff
content-security-policy: default-src 'none'; frame-ancestors 'none'
x-proxy-cache-status: EXPIRED
content-encoding: gzip
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip

62.115.252.115

512 kB

URL
ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
IP
62.115.252.115:0
ASN
#1299 Telia Company AB

File type
Zip archive data, at least v2.0 to extract, compression method=deflate - data
Size
512 kB (511815 bytes)
Hash
152eda253e242e18443ef3282495bc7c
ff0fa85565f21ec4931baad4573b4c0bd08c4019
8e03090fee16f6e0ee2e436af8e51d0c3deed6d9f0db80dec048e668fc009a48

HTTP Headers

GET /openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip HTTP/1.1
Host: ciscobinary.openh264.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Last-Modified: Thu, 16 Nov 2023 07:38:15 GMT
ETag: 152eda253e242e18443ef3282495bc7c
Content-Length: 511815
Accept-Ranges: bytes
X-Timestamp: 1700120294.87662
Content-Type: application/zip
X-Trans-Id: tx15b69f172b404fa58b2bb-006555fb11dfw1
Cache-Control: public, max-age=174342
Expires: Tue, 12 Dec 2023 11:01:20 GMT
Date: Sun, 10 Dec 2023 10:35:38 GMT
Connection: keep-alive

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Detections

URL

IP

ASN

File type

Size

Hash

Archive (2)

JavaScript (0)

HTTP Transactions (3)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers